VYPR
Medium severity (5.3) · GHSA Advisory · Published May 28, 2025 · Updated Apr 15, 2026

CVE-2024-47057

Description

Summary

This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames.

User Enumeration via Timing Attack: A user enumeration vulnerability exists in the "Forget your password" functionality. Differences in response times for existing and non-existing users, combined with a lack of request limiting, allow an attacker to determine the existence of usernames through a timing-based attack.

Mitigation

Please update to a version that addresses this timing vulnerability, where password reset responses are normalized to respond at the same time regardless of user existence.
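To make the mitigation concrete, the following added example (not Mautic's code) contrasts a reset handler with the pre-fix shape, where only existing users pay for the slow token-and-mail path, with one that returns the same message on every branch, throttles per client, and pads every response to a fixed floor. The user store, costs, floor and limits are constructed for the demonstration.

```python
"""Added illustration, not Mautic's own code: a password-reset handler
shaped like the pre-fix behaviour beside one normalised as the
advisory's mitigation describes. User store and costs are constructed."""
import time

USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}  # constructed
GENERIC_MESSAGE = "If that account exists, a reset link has been sent."
MIN_RESPONSE_SECONDS = 0.05   # floor every response is padded to (constructed)
RATE_LIMIT, WINDOW_SECONDS = 5, 60.0  # per-client reset requests per window
_requests: dict[str, list[float]] = {}

def _issue_reset_token(username: str) -> None:
    """Stand-in for the slow path: token persistence plus outbound mail."""
    time.sleep(0.02)

def reset_vulnerable(username: str) -> dict:
    """Pre-fix shape: unknown users skip the slow path, so elapsed time
    alone reveals whether the username exists."""
    start = time.monotonic()
    did_work = username in USERS
    if did_work:
        _issue_reset_token(username)
    return {"msg": GENERIC_MESSAGE, "did_work": did_work,
            "elapsed": time.monotonic() - start}

def _over_limit(client: str, now: float) -> bool:
    """Sliding-window counter; the advisory notes no limiting existed."""
    recent = [t for t in _requests.get(client, []) if now - t < WINDOW_SECONDS]
    recent.append(now)
    _requests[client] = recent
    return len(recent) > RATE_LIMIT

def reset_hardened(username: str, client: str) -> dict:
    """Mitigated shape: identical message on every branch, per-client
    throttling, and padding to a fixed floor so the branch taken is not
    observable from elapsed time. The floor must sit above the slow
    path's worst case, otherwise the leak remains for slow requests."""
    start = time.monotonic()
    limited = _over_limit(client, start)
    if not limited and username in USERS:
        _issue_reset_token(username)
    remaining = MIN_RESPONSE_SECONDS - (time.monotonic() - start)
    if remaining > 0:
        time.sleep(remaining)   # pad short branches up to the floor
    return {"msg": GENERIC_MESSAGE, "limited": limited,
            "elapsed": time.monotonic() - start}
```

Padding to a floor narrows the gap to scheduler jitter rather than removing it entirely, which is why the throttle is part of the same fix.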

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                  Affected versions          Patched versions
mautic/core (Packagist)  >= 1.0.0, < 4.4.16         4.4.16
mautic/core (Packagist)  >= 5.0.0-alpha, < 5.2.6    5.2.6
mautic/core (Packagist)  >= 6.0.0-alpha, < 6.0.2    6.0.2
